hide email addresses on the hats page when not logged in #854

Open
zg opened this issue May 12, 2020 · 4 comments

Comments

zg commented May 12, 2020

I'm one of the few users with a hat, and I received a spam email because someone scraped the page.

One way to mitigate this is to require being logged in to view the sensitive contents of how users are validated.

Contributor

arandomandy commented May 18, 2020

I'm sorry to hear that, @zg.

This sounds good to me. What do you say, @pushcx? I suppose my question is whether you think it is useful to display the @domain.ltd? To be honest, I do not, but perhaps I misunderstand its purpose. In my mind, if the hat's there, it means someone approved it; that should be enough to prove the veracity of it for others. However, there might be other reasons to include it that I am not aware of.

Member

pushcx commented May 19, 2020

It's convenient to give a method of contact, as hats are for speaking officially on behalf of a project, so I'd like to keep that display for logged-in users. But yeah, let's not display them publicly.

cnst commented Jun 4, 2020

Another option is to use web-pages in place of email addresses. I believe when the feature was originally implemented by jcs@, he was asking for email addresses, because OpenBSD doesn't have webpages with a catalogue of developers, but in NetBSD we do, and I've added access by ID a decade ago, so that's a potential improvement to consider (however, it seems like not all developers have bothered to update the official webpage with their name and login).

Author

zg commented Jun 4, 2020

> Another option is to use web-pages in place of email addresses. I believe when the feature was originally implemented by jcs@, he was asking for email addresses, because OpenBSD doesn't have webpages with a catalogue of developers, but in NetBSD we do, and I've added access by ID a decade ago, so that's a potential improvement to consider (however, it seems like not all developers have bothered to update the official webpage with their name and login).

How would that work in the context of someone who has a hat designating that they're an employee for a large corporation, e.g. Apple?

magikid pushed a commit to magikid/lobsters that referenced this issue Jun 15, 2020
This hides hats on user pages unless the user is logged in.  This change
is to prevent scraping of the user pages and spam going to those users
with hats listed.

Issue: lobsters#854
magikid pushed a commit to magikid/lobsters that referenced this issue Jun 15, 2020
This checks that a user is logged in before showing the hat's link on
the hat index page.  This change is needed because a malicious anonymous
user scraped the page and sent a user spam based on the email found on
it.

Issue: lobsters#854
magikid added a commit to magikid/lobsters that referenced this issue Jun 15, 2020
This checks that a user is logged in before showing the hat's link on
the hat index page.  This change is needed because a malicious anonymous
user scraped the page and sent a user spam based on the email found on
it.

Issue: lobsters#854
magikid added a commit to magikid/lobsters that referenced this issue Jul 21, 2020
This checks that a user is logged in before showing the hat's email on
the hat index page.  This change is needed because a malicious anonymous
user scraped the page and sent a user spam based on the email found on
it.

This adds a few new tests around this functionality and handles the
sanitization of the link field in the model.

Issue: lobsters#854
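
A sketch of the server-side check the commit message above describes, as an added example that is not code from the lobsters repository: the contact value is emitted only for logged-in viewers unless it is a plain http(s) URL, and a regression check confirms the anonymous rendering contains no address. The `Hat` struct, its field names, the helper names and the sample rows are all assumptions constructed for illustration.

```ruby
require "erb"
require "uri"

# Constructed stand-in for a hat row; the field names are assumptions.
Hat = Struct.new(:username, :hat, :link)

# True only for absolute http(s) URLs without userinfo; e-mail addresses,
# mailto: and javascript: values all come back false.
def public_url?(link)
  uri = URI.parse(link.to_s.strip)
  %w[http https].include?(uri.scheme) && !uri.host.to_s.empty? && uri.userinfo.nil?
rescue URI::InvalidURIError
  false
end

# Contact cell for one hat. The decision is made on the server, so an
# address never reaches a client that has no session.
def hat_link_html(hat, logged_in:)
  link = hat.link.to_s.strip
  safe = ERB::Util.html_escape(link)
  if public_url?(link)
    %(<a href="#{safe}" rel="nofollow">#{safe}</a>)
  elsif logged_in
    safe            # e-mail or free text: escaped, never turned into a link
  else
    ""              # anonymous viewers get nothing to harvest
  end
end

def hats_table(hats, logged_in:)
  hats.map { |h|
    cells = [h.username, h.hat].map { |c| ERB::Util.html_escape(c) }
    cells << hat_link_html(h, logged_in: logged_in)
    "<tr><td>#{cells.join('</td><td>')}</td></tr>"
  }.join("\n")
end

# Constructed sample rows.
HATS = [
  Hat.new("alice", "Example Project Developer", "alice@example.org"),
  Hat.new("bob", "Example Corp Employee", "https://example.com/team/bob"),
  Hat.new("carol", "Example Maintainer", "javascript:alert(1)"),
]

# Regression check: addresses present in a rendered page.
def leaked_addresses(html)
  html.scan(/[\w.+-]+@[\w-]+(?:\.[\w-]+)+/)
end

puts hats_table(HATS, logged_in: false) if __FILE__ == $PROGRAM_NAME
```
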